FTA: http://dronebl.org/blog/8

"...You are only vulnerable if:

Your device is a mipsel device.
Your device has telnet, SSH or web-based interfaces available to the WAN
Your username and password combinations are weak, OR the daemons that
your firmware uses are exploitable.

As such, 90% of the routers and modems participating in this botnet
are participating due to user-error (the user themselves or
otherwise). Unfortunately, it seems that some of the people covering
this botnet do not understand this point, and it is making us look
like a bunch of idiots.

Any device that meets the above criteria is vulnerable, including
those built on custom firmware such as OpenWRT and DD-WRT. If the
above criteria is not met, then the device is NOT vulnerable.

How can I tell if I have been infected?

Ports 22, 23 and 80 are blocked as part of the infection process (but
NOT as part of the rootkit itself, running the rootkit itself will not
alter your iptables configuration).

If these ports are blocked, you should perform a hard reset on your
device, change the administrative passwords, and update to the latest
firmware. These steps will remove the rootkit and ensure that your
device is not reinfected. ..."

fyi
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

Reply via email to